Vendor Risk Brief MCP avatar

Vendor Risk Brief MCP

Pricing

from $0.01 / 1,000 results

Go to Apify Store
Vendor Risk Brief MCP

Vendor Risk Brief MCP

Create evidence-led vendor due-diligence briefs from public website, DNS, email-security, TLS, and HTTP security-header signals. Observations are qualified and not definitive risk ratings.

Pricing

from $0.01 / 1,000 results

Rating

0.0

(0)

Developer

Jordan C

Jordan C

Maintained by Community

Actor stats

0

Bookmarked

1

Total users

0

Monthly active users

6 days ago

Last modified

Categories

Share

An Apify-hosted MCP server for business, procurement, and security agents that need a compact, evidence-led view of public vendor website and domain signals.

It reports what was publicly observed at request time and deliberately does not declare a vendor safe, unsafe, compliant, or assign a definitive risk rating.

Tools

  • create-vendor-brief — requires domain. Returns normalized domain, website title and meta description, public contact/social links, HTTP status and redirect observations, selected security headers, and MX/NS/TXT DNS facts with indicators and caveats.
  • inspect-email-security — requires domain. Returns observed MX, SPF TXT, and DMARC TXT records with presence/missing/invalid-looking indicators. These are DNS observations, not a deliverability guarantee.
  • inspect-web-security — requires url or domain. Returns final URL, HTTPS use, status, observable redirect chain, HSTS/CSP/X-Frame-Options/X-Content-Type-Options/referrer-policy headers, TLS details when available, and bounded observations.
  • compare-vendors — requires domains containing 2–5 domains. Returns compact objective public facts and indicators for each.

Collection approach and limits

  • Website requests use a VendorRiskBriefMCP/1.0 User-Agent, an 8-second timeout, and at most five redirects.
  • Static HTML is parsed with Cheerio. The tool only returns public mailto:, tel:, page-visible email addresses, and common social-profile links.
  • DNS is first queried through Node dns/promises; MX, NS, and TXT lookups use Google DNS-over-HTTPS only if the local resolver fails.
  • Security headers are from a single public HTTP response. DNS, web, and TLS results can change and may be incomplete due to network controls, CDNs, or unavailable services.

Run locally

npm install
npm run build
npm test
npm run schema
npm run start:dev

The streamable HTTP MCP endpoint is http://localhost:3000/mcp (or the APIFY_CONTAINER_PORT port). A GET / supports Apify standby readiness probes.

Deploy

apify login
apify push

Connect an MCP client to https://<actor-host>/mcp and authenticate with an Apify Bearer token when deployed.

Billing

Every MCP tool execution calls await Actor.charge({ eventName: 'tool-call' }). Configure the matching tool-call event from .actor/pay_per_event.json in the Actor monetization settings.